﻿<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
<!-- saved from url=(0074)mhtml:file://E:\sve-air\documentacion\Keys and Formats - Crypto++ Wiki.mht -->
<HTML lang=en dir=ltr><HEAD><TITLE>Keys and Formats - Crypto++ Wiki</TITLE>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
<META content="MSHTML 6.00.6000.17080" name=GENERATOR><LINK href="/favicon.ico" 
rel="shortcut icon"><LINK title="Crypto++ Wiki (en)" 
href="/w/opensearch_desc.php" type=application/opensearchdescription+xml 
rel=search><LINK title="Crypto++ Wiki Atom feed" 
href="/w/index.php?title=Special:RecentChanges&amp;feed=atom" 
type=application/atom+xml rel=alternate><LINK media=screen 
href="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/shared.css" 
rel=stylesheet><LINK media=print 
href="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/commonPrint.css" 
rel=stylesheet><LINK media=screen 
href="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/main.css" 
rel=stylesheet><!--[if lt IE 5.5000]><link rel="stylesheet" href="/w/skins/monobook/IE50Fixes.css?270" media="screen" /><![endif]--><!--[if IE 5.5000]><link rel="stylesheet" href="/w/skins/monobook/IE55Fixes.css?270" media="screen" /><![endif]--><!--[if IE 6]><link rel="stylesheet" href="/w/skins/monobook/IE60Fixes.css?270" media="screen" /><![endif]--><!--[if IE 7]><LINK 
media=screen 
href="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/IE70Fixes.css" 
rel=stylesheet><![endif]--><LINK 
href="/w/index.php?title=MediaWiki:Common.css&amp;usemsgcache=yes&amp;ctype=text%2Fcss&amp;smaxage=18000&amp;action=raw&amp;maxage=18000" 
rel=stylesheet><LINK media=print 
href="/w/index.php?title=MediaWiki:Print.css&amp;usemsgcache=yes&amp;ctype=text%2Fcss&amp;smaxage=18000&amp;action=raw&amp;maxage=18000" 
rel=stylesheet><LINK 
href="/w/index.php?title=MediaWiki:Monobook.css&amp;usemsgcache=yes&amp;ctype=text%2Fcss&amp;smaxage=18000&amp;action=raw&amp;maxage=18000" 
rel=stylesheet><LINK 
href="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/index.css" 
rel=stylesheet>
<SCRIPT>
var skin="monobook",
stylepath="/w/skins",
wgUrlProtocols="http\\:\\/\\/|https\\:\\/\\/|ftp\\:\\/\\/|irc\\:\\/\\/|gopher\\:\\/\\/|telnet\\:\\/\\/|nntp\\:\\/\\/|worldwind\\:\\/\\/|mailto\\:|news\\:|svn\\:\\/\\/",
wgArticlePath="/wiki/$1",
wgScriptPath="/w",
wgScriptExtension=".php",
wgScript="/w/index.php",
wgVariantArticlePath=false,
wgActionPaths={},
wgServer="http://www.cryptopp.com",
wgCanonicalNamespace="",
wgCanonicalSpecialPageName=false,
wgNamespaceNumber=0,
wgPageName="Keys_and_Formats",
wgTitle="Keys and Formats",
wgAction="view",
wgArticleId=1865,
wgIsArticle=true,
wgUserName=null,
wgUserGroups=null,
wgUserLanguage="en",
wgContentLanguage="en",
wgBreakFrames=false,
wgCurRevisionId=6666,
wgVersion="1.16.0",
wgEnableAPI=true,
wgEnableWriteAPI=true,
wgSeparatorTransformTable=["", ""],
wgDigitTransformTable=["", ""],
wgMainPageTitle="Main Page",
wgFormattedNamespaces={"-2": "Media", "-1": "Special", "0": "", "1": "Talk", "2": "User", "3": "User talk", "4": "Crypto++ Wiki", "5": "Crypto++ Wiki talk", "6": "File", "7": "File talk", "8": "MediaWiki", "9": "MediaWiki talk", "10": "Template", "11": "Template talk", "12": "Help", "13": "Help talk", "14": "Category", "15": "Category talk"},
wgNamespaceIds={"media": -2, "special": -1, "": 0, "talk": 1, "user": 2, "user_talk": 3, "crypto++_wiki": 4, "crypto++_wiki_talk": 5, "file": 6, "file_talk": 7, "mediawiki": 8, "mediawiki_talk": 9, "template": 10, "template_talk": 11, "help": 12, "help_talk": 13, "category": 14, "category_talk": 15, "image": 6, "image_talk": 7},
wgSiteName="Crypto++ Wiki",
wgCategories=["Sample", "Download"],
wgRestrictionEdit=[],
wgRestrictionMove=[];
</SCRIPT>

<SCRIPT 
src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/wikibits.js"></SCRIPT>

<SCRIPT 
src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/ajax.js"></SCRIPT>

<SCRIPT 
src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/index.php"></SCRIPT>
</HEAD>
<BODY class="mediawiki ltr ns-0 ns-subject page-Keys_and_Formats skin-monobook">
<DIV id=globalWrapper>
<DIV id=column-content>
<DIV id=content><A id=top></A>
<H1 class=firstHeading id=firstHeading>Keys and Formats</H1>
<DIV id=bodyContent>
<H3 id=siteSub>From Crypto++ Wiki</H3>
<DIV id=contentSub></DIV>
<DIV id=jump-to-nav>Jump to: <A 
href="http://www.cryptopp.com/wiki/Keys_and_Formats#column-one">navigation</A>, 
<A 
href="http://www.cryptopp.com/wiki/Keys_and_Formats#searchInput">search</A></DIV><!-- start content -->
<P><STRONG class=selflink>Keys and key formats</STRONG> are a popular topic on 
the Crypto++ mailing list. The topics range from what format is the key in, to 
how does one save and load a key. Topics on this page will include frequently <A 
class="external text" 
href="http://groups.google.com/group/cryptopp-users/browse_thread/thread/6e5c1add99f0870f">re-occurring 
answers</A> offered by folks like Geoff Beier. </P>
<P>Though this page discusses <TT>RSA</TT> and <TT>DSA</TT> keys in particular, 
the information applies equally to all Crypto++ asymmetric keys. This is due to 
the library's use of inheritance (for objects which derive from 
<TT>PublicKey</TT> and <TT>PrivateKey</TT>) and composition (for objects which 
derive from <TT>PublicKeyAlgorithm</TT> and <TT>PrivateKeyAlgorithm</TT>). </P>
<P>In general, we should use the key's <TT>Load</TT> and <TT>Save</TT> functions 
to achieve maximum interoperability with other libraries such as OpenSSL, Java, 
and Microsoft's .Net. <TT>Load</TT> and <TT>Save</TT> operate on PKCS #8's 
<I>PrivateKeyInfo</I> and X.509's <I>SubjectPublicKeyInfo</I>. Note that X.509, 
IETF's Privacy Enhanced Mail (PEM), and PKCS #1 (RSA Encryption Standard) are 
identical in their definitions of public RSA keys. </P>
<P>If the keys will stay within the program's boundaries, we can use PKCS #8's 
<I>PrivateKey</I> (part of <I>PrivateKeyInfo</I>) and X.509's <I>PublicKey</I> 
(part of <I>SubjectPublicKeyInfo</I>). PKCS #8's <I>PrivateKey</I> and X.509's 
<I>PublicKey</I> save on overhead of bytes and processing time at the cost of 
interoperability. </P>
<P>ASN.1 must be used when writing keys using X.509 and PKCS #8. In particular 
the keys must be written using DER encoding and subsequently read using BER 
encoding. BER is a bit sloppier than DER - the standard's intent was to 'write 
strict' and 'read loose' to promote interoperability. See <I><A 
class="external text" href="http://www.itu.int/rec/T-REC-X.690/en">X.690, 
Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and 
Distinguished Encoding Rules (DER)</A></I>. </P>
<P>Finally, two <A class="external text" href="http://www.codeproject.com/">Code 
Project</A> articles covering Crypto++, keys, and interoperability are 
available. See <A class="external text" 
href="http://www.codeproject.com/KB/security/CryptoInteropKeys.aspx">Cryptographic 
Interoperability: Keys</A> and <A class="external text" 
href="http://www.codeproject.com/KB/security/CryptoInteropSign.aspx">Cryptographic 
Interoperability: Digital Signatures</A>. </P>
<TABLE class=toc id=toc>
  <TBODY>
  <TR>
    <TD>
      <DIV id=toctitle>
      <H2>Contents</H2></DIV>
      <UL>
        <LI class="toclevel-1 tocsection-1"><A 
        href="http://www.cryptopp.com/wiki/Keys_and_Formats#Crypto.2B.2B_Key_Formats"><SPAN 
        class=tocnumber>1</SPAN> <SPAN class=toctext>Crypto++ Key 
        Formats</SPAN></A> 
        <UL>
          <LI class="toclevel-2 tocsection-2"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#Private_Key_Format"><SPAN 
          class=tocnumber>1.1</SPAN> <SPAN class=toctext>Private Key 
          Format</SPAN></A> 
          <LI class="toclevel-2 tocsection-3"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#Public_Key_Format"><SPAN 
          class=tocnumber>1.2</SPAN> <SPAN class=toctext>Public Key 
          Format</SPAN></A> 
          <LI class="toclevel-2 tocsection-4"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#Crypto.2B.2B_PKCS8PrivateKey"><SPAN 
          class=tocnumber>1.3</SPAN> <SPAN class=toctext>Crypto++ 
          PKCS8PrivateKey</SPAN></A> 
          <LI class="toclevel-2 tocsection-5"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#Crypto.2B.2B_X509PublicKey"><SPAN 
          class=tocnumber>1.4</SPAN> <SPAN class=toctext>Crypto++ 
          X509PublicKey</SPAN></A> </LI></UL>
        <LI class="toclevel-1 tocsection-6"><A 
        href="http://www.cryptopp.com/wiki/Keys_and_Formats#Generating.2C_Validating.2C_Saving.2C_and_Loading_Keys"><SPAN 
        class=tocnumber>2</SPAN> <SPAN class=toctext>Generating, Validating, 
        Saving, and Loading Keys</SPAN></A> 
        <UL>
          <LI class="toclevel-2 tocsection-7"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#Generating_Keys"><SPAN 
          class=tocnumber>2.1</SPAN> <SPAN class=toctext>Generating 
          Keys</SPAN></A> 
          <LI class="toclevel-2 tocsection-8"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#Saving_Keys"><SPAN 
          class=tocnumber>2.2</SPAN> <SPAN class=toctext>Saving Keys</SPAN></A> 
          <LI class="toclevel-2 tocsection-9"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#Loading_Keys"><SPAN 
          class=tocnumber>2.3</SPAN> <SPAN class=toctext>Loading Keys</SPAN></A> 

          <LI class="toclevel-2 tocsection-10"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#Validating_Keys"><SPAN 
          class=tocnumber>2.4</SPAN> <SPAN class=toctext>Validating 
          Keys</SPAN></A> </LI></UL>
        <LI class="toclevel-1 tocsection-11"><A 
        href="http://www.cryptopp.com/wiki/Keys_and_Formats#BER_and_DER_Encoding"><SPAN 
        class=tocnumber>3</SPAN> <SPAN class=toctext>BER and DER 
        Encoding</SPAN></A> 
        <UL>
          <LI class="toclevel-2 tocsection-12"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#DER_Encoding"><SPAN 
          class=tocnumber>3.1</SPAN> <SPAN class=toctext>DER Encoding</SPAN></A> 

          <LI class="toclevel-2 tocsection-13"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#BER_Decoding"><SPAN 
          class=tocnumber>3.2</SPAN> <SPAN class=toctext>BER Decoding</SPAN></A> 
          </LI></UL>
        <LI class="toclevel-1 tocsection-14"><A 
        href="http://www.cryptopp.com/wiki/Keys_and_Formats#High_Level_Objects"><SPAN 
        class=tocnumber>4</SPAN> <SPAN class=toctext>High Level 
        Objects</SPAN></A> 
        <UL>
          <LI class="toclevel-2 tocsection-15"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#Decryptors_and_Signers"><SPAN 
          class=tocnumber>4.1</SPAN> <SPAN class=toctext>Decryptors and 
          Signers</SPAN></A> 
          <LI class="toclevel-2 tocsection-16"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#Encryptors_and_Verifiers"><SPAN 
          class=tocnumber>4.2</SPAN> <SPAN class=toctext>Encryptors and 
          Verifiers</SPAN></A> 
          <LI class="toclevel-2 tocsection-17"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#RSAES_OAEP_SHA_.7BEncryptor.7CDecryptor.7D"><SPAN 
          class=tocnumber>4.3</SPAN> <SPAN 
          class=toctext>RSAES_OAEP_SHA_{Encryptor|Decryptor}</SPAN></A> 
          <LI class="toclevel-2 tocsection-18"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#RSASSA_PKCS1v15_SHA_.7BSigner.7CVerifier.7D"><SPAN 
          class=tocnumber>4.4</SPAN> <SPAN 
          class=toctext>RSASSA_PKCS1v15_SHA_{Signer|Verifier}</SPAN></A> 
</LI></UL>
        <LI class="toclevel-1 tocsection-19"><A 
        href="http://www.cryptopp.com/wiki/Keys_and_Formats#Dumping_PKCS_.238_and_X.509_Keys"><SPAN 
        class=tocnumber>5</SPAN> <SPAN class=toctext>Dumping PKCS #8 and X.509 
        Keys</SPAN></A> 
        <UL>
          <LI class="toclevel-2 tocsection-20"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#RSA_PublicKey"><SPAN 
          class=tocnumber>5.1</SPAN> <SPAN class=toctext>RSA 
          PublicKey</SPAN></A> 
          <LI class="toclevel-2 tocsection-21"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#RSA_PrivateKey"><SPAN 
          class=tocnumber>5.2</SPAN> <SPAN class=toctext>RSA 
          PrivateKey</SPAN></A> 
          <LI class="toclevel-2 tocsection-22"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#DSA_PublicKey"><SPAN 
          class=tocnumber>5.3</SPAN> <SPAN class=toctext>DSA 
          PublicKey</SPAN></A> 
          <LI class="toclevel-2 tocsection-23"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#DSA_PrivateKey"><SPAN 
          class=tocnumber>5.4</SPAN> <SPAN class=toctext>DSA 
          PrivateKey</SPAN></A> </LI></UL>
        <LI class="toclevel-1 tocsection-24"><A 
        href="http://www.cryptopp.com/wiki/Keys_and_Formats#Raw_vs_Cooked"><SPAN 
        class=tocnumber>6</SPAN> <SPAN class=toctext>Raw vs Cooked</SPAN></A> 
        <UL>
          <LI class="toclevel-2 tocsection-25"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#Hex_Encoding_and_Decoding"><SPAN 
          class=tocnumber>6.1</SPAN> <SPAN class=toctext>Hex Encoding and 
          Decoding</SPAN></A> 
          <LI class="toclevel-2 tocsection-26"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#Base64_Encoding_and_Decoding"><SPAN 
          class=tocnumber>6.2</SPAN> <SPAN class=toctext>Base64 Encoding and 
          Decoding</SPAN></A> </LI></UL>
        <LI class="toclevel-1 tocsection-27"><A 
        href="http://www.cryptopp.com/wiki/Keys_and_Formats#OpenSSL_Commands"><SPAN 
        class=tocnumber>7</SPAN> <SPAN class=toctext>OpenSSL Commands</SPAN></A> 

        <UL>
          <LI class="toclevel-2 tocsection-28"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#RSA_Public_Key_.28SubjectPublicKeyInfo.29"><SPAN 
          class=tocnumber>7.1</SPAN> <SPAN class=toctext>RSA Public Key 
          (SubjectPublicKeyInfo)</SPAN></A> 
          <LI class="toclevel-2 tocsection-29"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#RSA_Private_Key_.28PrivateKeyInfo.29"><SPAN 
          class=tocnumber>7.2</SPAN> <SPAN class=toctext>RSA Private Key 
          (PrivateKeyInfo)</SPAN></A> 
          <LI class="toclevel-2 tocsection-30"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#DSA_Public_Key_.28SubjectPublicKeyInfo.29"><SPAN 
          class=tocnumber>7.3</SPAN> <SPAN class=toctext>DSA Public Key 
          (SubjectPublicKeyInfo)</SPAN></A> 
          <LI class="toclevel-2 tocsection-31"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#DSA_Private_Key_.28PrivateKeyInfo.29"><SPAN 
          class=tocnumber>7.4</SPAN> <SPAN class=toctext>DSA Private Key 
          (PrivateKeyInfo)</SPAN></A> 
          <LI class="toclevel-2 tocsection-32"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#ECC_Public_Key_.28SubjectPublicKeyInfo.29"><SPAN 
          class=tocnumber>7.5</SPAN> <SPAN class=toctext>ECC Public Key 
          (SubjectPublicKeyInfo)</SPAN></A> 
          <LI class="toclevel-2 tocsection-33"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#ECC_Private_Key_.28PrivateKeyInfo.29"><SPAN 
          class=tocnumber>7.6</SPAN> <SPAN class=toctext>ECC Private Key 
          (PrivateKeyInfo)</SPAN></A> </LI></UL>
        <LI class="toclevel-1 tocsection-34"><A 
        href="http://www.cryptopp.com/wiki/Keys_and_Formats#GnuTLS_Commands"><SPAN 
        class=tocnumber>8</SPAN> <SPAN class=toctext>GnuTLS Commands</SPAN></A> 
        <UL>
          <LI class="toclevel-2 tocsection-35"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#RSA_Public_Key_.28SubjectPublicKeyInfo.29_2"><SPAN 
          class=tocnumber>8.1</SPAN> <SPAN class=toctext>RSA Public Key 
          (SubjectPublicKeyInfo)</SPAN></A> 
          <LI class="toclevel-2 tocsection-36"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#RSA_Private_Key_.28PrivateKeyInfo.29_2"><SPAN 
          class=tocnumber>8.2</SPAN> <SPAN class=toctext>RSA Private Key 
          (PrivateKeyInfo)</SPAN></A> 
          <LI class="toclevel-2 tocsection-37"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#DSA_Public_Key_.28SubjectPublicKeyInfo.29_2"><SPAN 
          class=tocnumber>8.3</SPAN> <SPAN class=toctext>DSA Public Key 
          (SubjectPublicKeyInfo)</SPAN></A> 
          <LI class="toclevel-2 tocsection-38"><A 
          href="http://www.cryptopp.com/wiki/Keys_and_Formats#DSA_Private_Key_.28PrivateKeyInfo.29_2"><SPAN 
          class=tocnumber>8.4</SPAN> <SPAN class=toctext>DSA Private Key 
          (PrivateKeyInfo)</SPAN></A> </LI></UL>
        <LI class="toclevel-1 tocsection-39"><A 
        href="http://www.cryptopp.com/wiki/Keys_and_Formats#Downloads"><SPAN 
        class=tocnumber>9</SPAN> <SPAN class=toctext>Downloads</SPAN></A> 
      </LI></UL></TD></TR></TBODY></TABLE>
<SCRIPT>if (window.showTocToggle) { var tocShowText = "show"; var tocHideText = "hide"; showTocToggle(); } </SCRIPT>

<H2><SPAN class=mw-headline id=Crypto.2B.2B_Key_Formats>Crypto++ Key Formats 
</SPAN></H2>
<P>Internally, Crypto++ uses a key representation that follows the real world 
object of interest. However, a raw byte dump of a Crypto++ key object is 
generally useless outside of the library. For example, Crypto++ <B>does not</B> 
represent a private key in PKCS #8 format with an ASN.1 encoding, so a dump is 
not useful for interoperability. A Crypto++ key <B>does</B> offer methods which 
allow the library to work with many popular formats, including PKCS #8 and 
X.509. </P>
<H3><SPAN class=mw-headline id=Private_Key_Format>Private Key Format 
</SPAN></H3>
<DIV class=floatright><A class=image title="Logical depiction of PrivateKeyInfo" 
href="http://www.cryptopp.com/wiki/File:Private-key-info.png"><IMG height=143 
alt="Logical depiction of PrivateKeyInfo" 
src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/mht93(1).tmp" 
width=188></A></DIV>The external private key format used by Crypto++ is <I><A 
class="external text" href="http://www.rsa.com/rsalabs/node.asp?id=2130">PKCS 
#8: Private-Key Information Syntax Standard</A></I>. The PKCS standard dictates 
an ASN.1 encoding of the key. ASN.1 is <A class="external text" 
href="http://www.itu.int/rec/T-REC-X.690/">Abstract Syntax Notation</A> and is 
specified in ITU's <I><A class="external text" 
href="http://www.itu.int/rec/T-REC-X.690/">X.690, Specification of Basic 
Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding 
Rules (DER)</A></I>. 
<P>Conceptually, there are two parts to the format. The 'first' part is 
packaging information such as an OID, version, and attributes. The 'second' part 
is the actual serialized key bits. In PKCS #8, the 'first' part is called 
<I>PrivateKeyInfo</I>, while the second part is called a <I>PrivateKey</I>. </P>
<P>In practice, we should think of the 'second ' part as <I>XxxPrivateKey</I>, 
where the 'Xxx' will be set later once the OID is known. For example, if the OID 
is that of <TT>rsaEncryption</TT>, <I>XxxPrivateKey</I> becomes 
<I>RsaPrivateKey</I>. If the OID is <TT>dsa</TT>, then <I>XxxPrivateKey</I> 
becomes <I>DsaPrivateKey</I>. </P>
<P>The depiction of the PrivateKey shows sample data <TT>00 B7 67 B4 ...</TT>. 
The sample data is encoded using an ASN.1 <I>Octet String</I>. Note that the 
PrivateKeyInfo encompasses the PrivateKey (they are not laid out sequentially). 
</P>
<H3><SPAN class=mw-headline id=Public_Key_Format>Public Key Format </SPAN></H3>
<DIV class=floatright><A class=image title="Logical depiction of PublicKeyInfo" 
href="http://www.cryptopp.com/wiki/File:Public-key-info.png"><IMG height=143 
alt="Logical depiction of PublicKeyInfo" 
src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/mht96(1).tmp" 
width=188></A></DIV>The external public key format used by Crypto++ is <I><A 
class="external text" href="http://www.itu.int/rec/T-REC-X.509/">X.509: 
Public-key and attribute certificate frameworks</A></I>. As with PKCS #8, keys 
are encoded using ASN.1. 
<P>Conceptually, there are two parts to the format. The 'first' part is 
packaging with information such as an OID. The 'second' part is the actual 
serialized key bits (it sounds a lot like a PKCS #8 all over again). In X.509, 
the 'first' part is called <I>PublicKeyInfo</I>, while the second part is called 
a <I>PublicKey</I>. As with <I>XxxPrivateKey</I>, we should expect to nail down 
a key type once the OID is known so that <I>XxxPublicKey</I> becomes 
<I>RsaPublicKey</I>, <I>DsaPublicKey</I> (etc.). </P>
<P>The PublicKey diverges from PKCS #8 in the ASN.1 data type used to encode the 
PublicKey. The depiction of the PublicKey shows sample data of 
<TT>10101010111...</TT>. The sample data is encoded using an ASN.1 <I>Binary 
String</I>. As with PKCS #8, the PublicKeyInfo encompasses the PublicKey (they 
are not laid out sequentially). </P>
<H3><SPAN class=mw-headline id=Crypto.2B.2B_PKCS8PrivateKey>Crypto++ 
PKCS8PrivateKey </SPAN></H3>
<P><TT>RSA::PrivateKey</TT> and <TT>DSA::PrivateKey</TT> are the Crypto++ 
objects which encapsulate much of the RSA and DSA standards keys (ie, PKCS, 
X.509, IEEE, and IETF). Each inherit from a <TT>PrivateKey</TT> and more 
importantly a <TT>PKCS8PrivateKey</TT>. The documentation for 
<TT>PKCS8PrivateKey</TT> class is located in the <A class="external text" 
href="http://www.cryptopp.com/docs/ref/class_p_k_c_s8_private_key.html">PKCS8PrivateKey 
Class Reference</A> and shows the class offers <TT>Load</TT> and <TT>Save</TT> 
functions. </P>
<H3><SPAN class=mw-headline id=Crypto.2B.2B_X509PublicKey>Crypto++ X509PublicKey 
</SPAN></H3>
<P>Similarly, <TT>RSA::PublicKey</TT> and <TT>DSA::PublicKey</TT> each inherit 
from a <TT>PublicKey</TT> and <TT>X509PublicKey</TT>. The documentation for the 
<TT>X509PublicKey</TT> class is located in the <A class="external text" 
href="http://www.cryptopp.com/docs/ref/class_x509_public_key.html">X509PublicKey 
Class Reference</A> and shows the class offers <TT>Load</TT> and <TT>Save</TT> 
functions. </P>
<H2><SPAN class=mw-headline 
id=Generating.2C_Validating.2C_Saving.2C_and_Loading_Keys>Generating, 
Validating, Saving, and Loading Keys </SPAN></H2>
<P>We will need a program to generate both an RSA key pair and DSA key pairs. 
For that, we will use <A class=internal title=Cryptopp-key-gen.zip 
href="http://www.cryptopp.com/w/images/4/4f/Cryptopp-key-gen.zip">cryptopp-key-gen</A>. 
cryptopp-key-gen generates and saves the keys for demonstration purposes. The 
RSA keys can be used for encryption (see <A title="RSA Cryptography" 
href="http://www.cryptopp.com/wiki/RSA_Cryptography#Encryption_Scheme">RSA 
Encryption Schemes</A>) or signatures (see <A title="RSA Cryptography" 
href="http://www.cryptopp.com/wiki/RSA_Cryptography#Signature_Scheme">RSA 
Signature Schemes</A>); and the DSA key are used with the <A 
title="Digital Signature Algorithm" 
href="http://www.cryptopp.com/wiki/Digital_Signature_Algorithm">Digital 
Signature Algorithm</A>. </P>
<P><B>Note</B>: <SPAN style="COLOR: orange"><TT>RSA::PrivateKey</TT> and 
<TT>DSA::PrivateKey</TT> are the Crypto++ equivalent of PKCS #8 
<I>PrivateKeyInfo</I> type. Similarly, <TT>RSA::PublicKey</TT> and 
<TT>DSA::PublicKey</TT> are the X.509 <I>PublicKeyInfo</I> type</SPAN>. If you 
want to save or load a key in PKCS #8 <I>XxxPrivateKey</I> format or X.509 
<I>XxxPublicKey</I> format, see <A 
href="http://www.cryptopp.com/wiki/Keys_and_Formats#BER_and_DER_Encoding">BER 
and DER Encoding</A> below. </P><PRE>////////////////////////////////////////////////////////////////////////////////////

RSA::PrivateKey rsaPrivate;
rsaPrivate.GenerateRandomWithKeySize(rnd, 3072);

RSA::PublicKey rsaPublic(rsaPrivate);

SavePrivateKey("rsa-private.key", rsaPrivate);
SavePublicKey("rsa-public.key", rsaPublic);

////////////////////////////////////////////////////////////////////////////////////

DSA::PrivateKey dsaPrivate;
dsaPrivate.GenerateRandomWithKeySize(rnd, 1024);

DSA::PublicKey dsaPublic;
dsaPrivate.MakePublicKey(dsaPublic);

SavePrivateKey("dsa-private.key", dsaPrivate);
SavePublicKey("dsa-public.key", dsaPublic);</PRE>
<H3><SPAN class=mw-headline id=Generating_Keys>Generating Keys </SPAN></H3>
<P>Key generation will for RSA and DSA are very similar. 
<TT>RSA::PrivateKey</TT> and <TT>DSA::PrivateKey</TT> each inherit from 
Crypto++'s <TT>PrivateKey</TT> (documented at <A class="external text" 
href="http://www.cryptopp.com/docs/ref/class_private_key.html">PrivateKey Class 
Reference</A>), which offers <TT>GenerateRandom</TT> and 
<TT>GenerateRandomWithKeySize</TT>. Both Crypto++ methods take a 
<TT>RandomNumberGenerator</TT> (documented at <A class="external text" 
href="http://www.cryptopp.com/docs/ref/class_random_number_generator.html">RandomNumberGenerator 
Class Reference</A>), and the later takes a generator and bit size. </P>
<P>When choosing a bit size, current best practices (from NIST) dictates we use 
a <A title="Security Level" 
href="http://www.cryptopp.com/wiki/Security_Level">security level of 128</A> (80 
and 112 <A title="Security Level" 
href="http://www.cryptopp.com/wiki/Security_Level">bits of security</A> should 
not be used in new systems). This means we should use an RSA modulus size of 
3072 bits. This also means that a DSS version 1 or version 2 DSA key pairs are 
too weak to satisfy contemporary security requirements (a 1024 bit DSA key 
offers about 80 ideal bits of security). </P>
<P>In the code below, we create an RSA key of 3072 bits, and a DSA key of 1024 
bits (per DSS Version 2). <TT>AutoSeededRandomPool</TT> is a PGP Random 
Pool-like generator. If you need more security in a generator, use an 
<TT>X917RNG</TT> (from ANSI 9.17 Appendix C and based on DES) or 
<TT>AutoSeededX917RNG</TT> based on the <TT>AES</TT> block cipher. </P><PRE>AutoSeededRandomPool rnd;

RSA::PrivateKey rsaPrivate;
rsaPrivate.GenerateRandomWithKeySize(rnd, 3072);

DSA::PrivateKey dsaPrivate;
dsaPrivate.GenerateRandomWithKeySize(rnd, 1024);</PRE>
<P>We create public keys from the private keys as follows. The 
<TT>RSA::PublicKey</TT> allows us to use the private key in the constructor. The 
<TT>DSA::PublicKey</TT> requires we use <TT>MakePublicKey</TT>. </P><PRE>RSA::PublicKey rsaPublic(rsaPrivate);

DSA::PublicKey dsaPublic;
dsaPrivate.MakePublicKey(dsaPublic);</PRE>
<H3><SPAN class=mw-headline id=Saving_Keys>Saving Keys </SPAN></H3>
<P>Crypto++ is full of self documenting source code<SUP>TM</SUP>. If we search 
the sources for ".Save" (notice the period since its a method), we find at least 
25 files which use the function. Of particular interest is test.cpp, which is 
part of <I>cryptest.exe</I>, and which we know will generate and save keys. 
Unfortunately, <TT>GenerateRSAKey</TT> writes a <A title=HexEncoder 
href="http://www.cryptopp.com/wiki/HexEncoder">hex encoded</A> key, which does 
not promote poking and prodding by tools such as <I>dumpasn1</I>. </P>
<P>Moving on to validate2.cpp, we find a lot of loading and saving into <A 
class=new title="ByteQueue (page does not exist)" 
href="http://www.cryptopp.com/w/index.php?title=ByteQueue&amp;action=edit&amp;redlink=1">byte 
queues</A>. A <TT>ByteQueue</TT> is a good choice for a <A title=Sink 
href="http://www.cryptopp.com/wiki/Sink">sink</A> since it uses a secure 
allocator - <A class="external text" 
href="http://www.cryptopp.com/docs/ref/class_sec_block.html">SecByteBlock</A> - 
which ensures the key material will be zeroized when the <TT>ByteQueue</TT>'s 
destructor runs. A sample from validate2.cpp is shown below. </P><PRE>ByteQueue queue;
priv.AccessKey().SavePrecomputation(queue);</PRE>
<P>Where the library uses <TT>AccessKey</TT> and then calls 
<TT>SavePrecomputation</TT>, we already have the key (so there's no need to call 
<TT>AccessKey</TT>), and we are only interested in saving the key itself (rather 
than the precomputation and other trap-door goodies). In keeping with the 
library, our function to save a public key is as follows (a private key is 
similar). </P><PRE>void SavePublicKey(const string&amp; filename, const PublicKey&amp; key)
{
    ByteQueue queue;
    key.Save(queue);

    Save(filename, queue);
}</PRE>
<P><TT>SavePublicKey</TT> and <TT>SavePrivateKey</TT> take a Crypto++ 
<TT>PublicKey</TT> and <TT>PrivateKey</TT> and simply write the key to file. In 
the spirit of object orientedness, <TT>SavePublicKey</TT> and 
<TT>SavePrivateKey</TT> call <TT>Save</TT>. cryptopp-key-gen's use of 
<TT>Save</TT> is nearly identical to the library's use of <TT>Save</TT> (nearly 
identical because object oriented interface programming has a lot of function 
calls that don't actually do much of anything). </P>
<P>If we departed a bit from object oriented and interface programming (by 
yanking cryptopp-key-gen <TT>Save</TT>), we could probably do away with the 
calls to <TT>CopyTo</TT> and <TT>MessageEnd</TT> at the cost of duplicating 
functionality (heaven forbid!). </P><PRE>void Save(const string&amp; filename, const BufferedTransformation&amp; bt)
{
    FileSink file(filename.c_str());

    bt.CopyTo(file);
    file.MessageEnd();
}</PRE>
<H3><SPAN class=mw-headline id=Loading_Keys>Loading Keys </SPAN></H3>
<P>Though we would like to leave key loading as an exercise to the reader, its 
probably best if an article which discusses how to load a key were to 
demonstrate how to do it. </P>
<P>Just as both <TT>PKCS8PrivateKey</TT> and <TT>X509PublicKey</TT> offered a 
<TT>Save</TT>, each offers <TT>Load</TT>. To use <TT>Load</TT>, we create three 
thin wrappers (two of which are shown) that are the antithesis of the functions 
we used for <TT>Save</TT>. That is, data will flow from a <TT>FileSource</TT>, 
into a <TT>BufferedTransformation</TT>, and then loaded by the key. </P><PRE>void LoadPublicKey(const string&amp; filename, PublicKey&amp; key);
void Load(const string&amp; filename, BufferedTransformation&amp; bt)</PRE>
<P>cryptopp-key-gen's low level <TT>Load</TT> fills the caller's 
<TT>BufferedTransformation</TT> with the file's data: </P><PRE>void Load(const string&amp; filename, BufferedTransformation&amp; bt)
{
    FileSource file(filename.c_str(), true /*pumpAll*/);

    file.TransferTo(bt);
    bt.MessageEnd();
}</PRE>
<P>And <TT>LoadPublicKey</TT> calls load on the Crypto++ key: </P><PRE>void LoadPublicKey(const string&amp; filename, PublicKey&amp; key)
{
    ByteQueue queue;
    Load(filename, queue);

    key.Load(queue);    
}</PRE>
<P>Finally, we can verify that the key "round trips" with the following. </P><PRE>RSA::PrivateKey key1, key2;
key1.GenerateRandomWithKeySize(rnd, 3072);

SavePrivateKey("rsa-roundtrip.key", key1);
LoadPrivateKey("rsa-roundtrip.key", key2);

if(key1.GetModulus()&nbsp;!= key2.GetModulus() ||
   key1.GetPublicExponent()&nbsp;!= key2.GetPublicExponent() ||
   key1.GetPrivateExponent()&nbsp;!= key2.GetPrivateExponent())
{
    throw runtime_error("key data did not round trip");
}</PRE>
<H3><SPAN class=mw-headline id=Validating_Keys>Validating Keys </SPAN></H3>
<P>A key should be validated once generated or loaded. <TT>CryptoMaterial</TT> 
(from which <TT>PublicKey</TT> and <TT>PrivateKey</TT> inherit) offers 
<TT>Validate</TT>. <TT>Validate</TT> takes a <TT>RandomNumberGenerator</TT> and 
a level, and returns a boolean. The comments accompanying <TT>Validate</TT> in 
<TT>CryptoMaterial</TT> state (see the <A class="external text" 
href="http://www.cryptopp.com/docs/ref/class_crypto_material.html">CryptoMaterial 
Class Reference</A>): </P>
<BLOCKQUOTE>Level denotes the level of thoroughness: 0 - using this object 
  won't cause a crash or exception (rng is ignored); 1 - this object will 
  probably function (encrypt, sign, etc.) correctly (but may not check for weak 
  keys and such); 2 - make sure this object will function correctly, and do 
  reasonable security checks; 3 - do checks that may take a long 
time.</BLOCKQUOTE>
<P>The code to validate a key once generated or loaded is as follows. </P><PRE>if(!rsaPrivate.Validate(rnd, 3))
    throw runtime_error("Rsa private key validation failed");

if(!dsaPrivate.Validate(rnd, 3))
    throw runtime_error("Dsa private key validation failed");</PRE>
<H2><SPAN class=mw-headline id=BER_and_DER_Encoding>BER and DER Encoding 
</SPAN></H2>
<DIV class="thumb tright">
<DIV class=thumbinner style="WIDTH: 182px"><A class=image 
href="http://www.cryptopp.com/wiki/File:Rsa-der-key.png"><IMG class=thumbimage 
height=104 alt="" 
src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/mht99(1).tmp" 
width=180></A> 
<DIV class=thumbcaption>
<DIV class=magnify><A class=internal title=Enlarge 
href="http://www.cryptopp.com/wiki/File:Rsa-der-key.png"><IMG height=11 alt="" 
src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/mht9C(1).tmp" 
width=15></A></DIV>DER encoded public and private RSA 
keys</DIV></DIV></DIV>Recall from <A 
href="http://www.cryptopp.com/wiki/Keys_and_Formats#Private_Key_Format">Private 
Key Format</A> and <A 
href="http://www.cryptopp.com/wiki/Keys_and_Formats#Public_Key_Format">Public 
Key Format</A> that PKCS #8 and X.509 have an 'outer' <I>PrivateKeyInfo</I> or 
<I>SubjectPublicKeyInfo</I>. The outer structure includes information such as 
OID and version. Within the ASN.1 structure is the actual key material upon 
which an algorithm operates. For example, a <I>RsaPublicKey</I> would have a 
public exponent 'e' and modulus 'n', while a <I>DsaPrivateKey</I> key would have 
'p', 'q', 'g', and 'x'. 
<P>Crypto++ offers functions to save and load the 'inner' key material via 
<TT>DEREncodePrivateKey</TT>, <TT>DEREncodePublicKey</TT>, 
<TT>BERDecodePrivateKey</TT>, and <TT>BERDecodePublicKey</TT>. When using the 
encoding function, keep in mind that you might lose interoperability with other 
libraries. </P>
<P>Writing a key uses DER encoding (most strict encoding rules), while reading a 
key uses BER decoding (sloppy decoding rules). The strict/sloppy in reading and 
writing is required by the ITU and promotes interoperability. </P>
<P>The code below is available in <A class=internal 
title=Cryptopp-key-encode.zip 
href="http://www.cryptopp.com/w/images/f/f7/Cryptopp-key-encode.zip">cryptopp-key-encode.zip</A>. 
</P>
<H3><SPAN class=mw-headline id=DER_Encoding>DER Encoding </SPAN></H3>
<P>The code below demonstrates saving the key material of a RSA public key. Note 
that we must specifically use <TT>RSA::PrivateKey</TT> and 
<TT>RSA::PublicKey</TT>. </P><PRE>int main(int argc, char** argv)
{
    AutoSeededRandomPool rnd;

    try
    {
        RSA::PrivateKey rsaPrivate;
        rsaPrivate.GenerateRandomWithKeySize(rnd, 3072);

        RSA::PublicKey rsaPublic(rsaPrivate);

        EncodePrivateKey("rsa-private.key", rsaPrivate);
        EncodePublicKey("rsa-public.key", rsaPublic);

        cout &lt;&lt; "Successfully generated and saved RSA keys" &lt;&lt; endl;
    }

    catch(CryptoPP::Exception&amp; e)
    {
        cerr &lt;&lt; e.what() &lt;&lt; endl;
        return -1;
    }

    return 0;
}

void EncodePrivateKey(const string&amp; filename, const RSA::PrivateKey&amp; key)
{
    ByteQueue queue;
    key.DEREncodePrivateKey(queue);

    Encode(filename, queue);
}

void EncodePublicKey(const string&amp; filename, const RSA::PublicKey&amp; key)
{
    ByteQueue queue;
    key.DEREncodePublicKey(queue);

    Encode(filename, queue);
}

void Encode(const string&amp; filename, const BufferedTransformation&amp; bt)
{
    FileSink file(filename.c_str());

    bt.CopyTo(file);
    file.MessageEnd();
}</PRE>
<H3><SPAN class=mw-headline id=BER_Decoding>BER Decoding </SPAN></H3>
<P>BER Decoding is somewhat more cumbersome to use. The generic interface of 
<TT>DEREncodePrivateKey</TT> and <TT>DEREncodePublicKey</TT> are: </P><PRE>BERDecodePrivateKey (BufferedTransformation &amp;bt, bool parametersPresent, size_t size)
BERDecodePublicKey (BufferedTransformation &amp;bt, bool parametersPresent, size_t size)</PRE>
<P>Examining the source code in <TT>rsa.cpp</TT>, neither 
<TT>parametersPresent</TT> nor <TT>size</TT> are used 
(<TT>parametersPresent</TT> is only needed for 
<TT>DL_PrivateKey_EC&lt;EC&gt;</TT>, which is a base class for an elliptic curve 
key), so we pass false. Though unused, we pass the number of bytes in the queue 
for <TT>size</TT>. </P><PRE>int main(int argc, char** argv)
{
	AutoSeededRandomPool rnd;

	try
	{
		RSA::PrivateKey k1;
		DecodePrivateKey("rsa-private.key", k1);

		RSA::PublicKey k2;
		DecodePublicKey("rsa-public.key", k2);

		cout &lt;&lt; "Successfully loaded RSA keys" &lt;&lt; endl;

		////////////////////////////////////////////////////////////////////////////////////

		if(!k1.Validate(rnd, 3))
			throw runtime_error("Rsa private key validation failed");

		if(!k2.Validate(rnd, 3))
			throw runtime_error("Rsa public key validation failed");

		cout &lt;&lt; "Successfully validated RSA keys" &lt;&lt; endl;

		////////////////////////////////////////////////////////////////////////////////////

		if(k1.GetModulus()&nbsp;!= k2.GetModulus() ||
		   k1.GetPublicExponent()&nbsp;!= k2.GetPublicExponent())
		{
		    throw runtime_error("key data did not round trip");
		}

		cout &lt;&lt; "Successfully round-tripped RSA keys" &lt;&lt; endl;
	}

	catch(CryptoPP::Exception&amp; e)
	{
		cerr &lt;&lt; e.what() &lt;&lt; endl;
		return -1;
	}

	return 0;
}

void DecodePrivateKey(const string&amp; filename, RSA::PrivateKey&amp; key)
{
	ByteQueue queue;

	Decode(filename, queue);
	key.BERDecodePrivateKey(queue, false /*paramsPresent*/, queue.MaxRetrievable());
}

void DecodePublicKey(const string&amp; filename, RSA::PublicKey&amp; key)
{
	ByteQueue queue;

	Decode(filename, queue);
	key.BERDecodePublicKey(queue, false /*paramsPresent*/, queue.MaxRetrievable());
}

void Decode(const string&amp; filename, BufferedTransformation&amp; bt)
{
	FileSource file(filename.c_str(), true /*pumpAll*/);

	file.TransferTo(bt);
	bt.MessageEnd();
}</PRE>
<H2><SPAN class=mw-headline id=High_Level_Objects>High Level Objects 
</SPAN></H2>
<P>It might be prudent to use Crypto++'s higher level objects, such as 
<TT>RSAES_PKCS1v15_Decryptor</TT>, <TT>RSAES_OAEP_SHA_Decryptor</TT>, and 
<TT>RSASSA_PKCS1v15_SHA_Signer</TT> to generate key pairs, rather than 
<TT>RSA::PrivateKey</TT>. This is because the higher level objects will have 
knowledge of (and corresponding logic for) domain specific issues, such as use 
of <I>safe primes</I> versus <I>random primes</I>. When in doubt, use the high 
level objects. </P>
<H3><SPAN class=mw-headline id=Decryptors_and_Signers>Decryptors and Signers 
</SPAN></H3>
<P>Generally speaking, Crypto++ high level objects such as 
<TT>RSAES_OAEP_SHA_Decryptor</TT> and <TT>RSASSA_PKCS1v15_SHA_Signer</TT> "HAVE 
A" <I>PrivateKey</I>. More correctly, decryptors inherit from 
<TT>PK_Decryptor</TT> and signers inherit from <TT>PK_Signer</TT>, both of which 
trace their lineage back to <TT>PrivateKeyAlgorithm</TT>. See <A 
class="external text" 
href="http://www.cryptopp.com/docs/ref/class_p_k___decryptor.html">PK_Decryptor 
Class Reference</A>, <A class="external text" 
href="http://www.cryptopp.com/docs/ref/class_p_k___signer.html">PK_Signer Class 
Reference</A>, and <A class="external text" 
href="http://www.cryptopp.com/docs/ref/class_private_key_algorithm.html">PrivateKeyAlgorithm 
Class Reference</A>. </P>
<H3><SPAN class=mw-headline id=Encryptors_and_Verifiers>Encryptors and Verifiers 
</SPAN></H3>
<P>Similar to decryptors and signers, Crypto++ high level objects such as 
<TT>RSAES_OAEP_SHA_Encryptor</TT> and <TT>RSASSA_PKCS1v15_SHA_Verifier</TT> 
"HAVE A" <I>PublicKey</I>. Encryptors inherit from <TT>PK_Encryptor</TT> and 
verifiers inherit from <TT>PK_Verifier</TT>, both of which trace their lineage 
back to <TT>PublicKeyAlgorithm</TT>. See <A class="external text" 
href="http://www.cryptopp.com/docs/ref/annotated.html">PK_Encryptor Class 
Reference</A>, <A class="external text" 
href="http://www.cryptopp.com/docs/ref/class_p_k___verifier.html">PK_Verifier 
Class Reference</A>, and <A class="external text" 
href="http://www.cryptopp.com/docs/ref/class_public_key_algorithm.html">PublicKeyAlgorithm 
Class Reference</A>. </P>
<H3><SPAN class=mw-headline 
id=RSAES_OAEP_SHA_.7BEncryptor.7CDecryptor.7D>RSAES_OAEP_SHA_{Encryptor|Decryptor} 
</SPAN></H3>
<P>The following demonstrates how to create a public and private key pair using 
<TT>RSAES_OAEP_SHA_Decryptor</TT> and <TT>RSAES_OAEP_SHA_Encryptor</TT>. Since 
the high level objects use composition ("HAS A"), we use <TT>AccessKey</TT> to 
fetch the key before calling methods on the key. </P><PRE>RSAES_OAEP_SHA_Decryptor rsaPrivate;
rsaPrivate.AccessKey().GenerateRandomWithKeySize(rnd, 3072);
RSAES_OAEP_SHA_Encryptor rsaPublic(rsaPrivate);

SavePrivateKey("rsa-private.key", rsaPrivate.AccessKey());
SavePublicKey("rsa-public.key", rsaPublic.AccessKey());</PRE>
<H3><SPAN class=mw-headline 
id=RSASSA_PKCS1v15_SHA_.7BSigner.7CVerifier.7D>RSASSA_PKCS1v15_SHA_{Signer|Verifier} 
</SPAN></H3>
<P>The following shows how to create a public and private key pair using 
<TT>RSASSA_PKCS1v15_SHA_Signer</TT> and <TT>RSASSA_PKCS1v15_SHA_Verifier</TT>. 
The objects also use composition ("HAS A"), so <TT>AccessKey</TT> fetches the 
key before calling methods on the key. </P><PRE>RSASSA_PKCS1v15_SHA_Signer rsaPrivate;
rsaPrivate.AccessKey().GenerateRandomWithKeySize(rnd, 3072);
RSASSA_PKCS1v15_SHA_Verifier rsaPublic(rsaPrivate);

SavePrivateKey("rsa-private.key", rsaPrivate.AccessKey());
SavePublicKey("rsa-public.key", rsaPublic.AccessKey());</PRE>
<H2><SPAN class=mw-headline id=Dumping_PKCS_.238_and_X.509_Keys>Dumping PKCS #8 
and X.509 Keys </SPAN></H2>
<P>Now that we have an understanding of the key formats, its time to poke and 
prod the keys a bit to further our understanding. To dump the keys, Peter 
Guttman's <I><A class="external text" 
href="http://www.cs.auckland.ac.nz/~pgut001/">dumpasn1</A></I> works well from 
the command line. For the visual world, <A class="external text" 
href="http://www.obj-sys.com/">Objective Systems</A> has a free <A 
class="external text" href="http://www.obj-sys.com/asn1-viewer.php">ASN.1 
Viewer</A>. </P>
<H3><SPAN class=mw-headline id=RSA_PublicKey>RSA PublicKey </SPAN></H3>
<P>Recall that cryptopp-key-gen saved rsa-public.key as a X.509 
<I>PublicKeyInfo</I> type. In programming terms, here's what the 
<I>PublicKeyInfo</I> looks like (the definitions are taken directly from X.509). 
</P><PRE>PublicKeyInfo&nbsp;::= SEQUENCE {
  algorithm AlgorithmIdentifier,
  PublicKey BIT STRING
}

AlgorithmIdentifier&nbsp;::= SEQUENCE {
  algorithm ALGORITHM.id,
  parameters ALGORITHM.type OPTIONAL
}</PRE>
<P>X.509 specifies the format includes an inner <I>PublicKey</I>, but does not 
specify what the inner key is. Since the OID is for and RSA public key, the type 
is actually a <I>RSAPublicKey</I>. In this case, we can get the definition from 
X.509 or get the definition from PKCS #1 (the definitions are equivalent): </P><PRE>RSAPublicKey&nbsp;::= SEQUENCE {
  modulus INTEGER,
  publicExponent INTEGER
}</PRE>
<P>Often times, the public exponent can act as a library indicator if the 
default is used: Crypto++ uses 17, GnuTLS, Java, and OpenSSL use 65537, and 
Microsoft's .Net uses 3. Notice the public exponent is selected with a low 
Hamming weight to speed up computation. </P>
<DIV class=center>
<DIV class=floatnone><A class=image title="ASN.1 dump of rsa-public.key" 
href="http://www.cryptopp.com/wiki/File:Rsa-public-dump.png"><IMG height=469 
alt="ASN.1 dump of rsa-public.key" 
src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/mht9F(1).tmp" 
width=660></A></DIV></DIV>
<P>Above is the screen capture of a rsa-public.key dump. <I>PublicKeyInfo</I> 
starts with a sequence at octet 0 and is 221 octets in length. A nested sequence 
starts at offset 3, which implies the first sequence is 3 octets. The second 
sequence houses an OID: 1.2.840.113549.1.1.1, which is a RSA key and an ASN.1 
NULL (the ALGORITHM.type). </P>
<P>At offset 18 (with a length of 203 octets), the <I>RSAPublicKey</I> begins. 
From above we have the public modulus or <I>n</I> which is <TT>00 F8 54 F4 ... 
D9 D2 15 CC ... DB 7C 5F 2D</TT> (<I>dumpasn</I> takes the <I>-a</I> options 
which shows all the data, and not just the first 128 octets of an ASN.1 type). 
Following <I>n</I> is the public exponent. </P>
<P>OID lookups can usually be performed at the <A class="external text" 
href="http://www.oid-info.com/">OID Repository</A> if the tool cannot resolve an 
OID. Sometimes a web search is required to find a bleeding edge RFC or other 
standard's amendment. </P>
<H3><SPAN class=mw-headline id=RSA_PrivateKey>RSA PrivateKey </SPAN></H3>
<DIV class="thumb tright">
<DIV class=thumbinner style="WIDTH: 182px"><A class=image 
href="http://www.cryptopp.com/wiki/File:Rsa-private-dump.png"><IMG 
class=thumbimage height=193 alt="" 
src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/mhtA2(1).tmp" 
width=180></A> 
<DIV class=thumbcaption>
<DIV class=magnify><A class=internal title=Enlarge 
href="http://www.cryptopp.com/wiki/File:Rsa-private-dump.png"><IMG height=11 
alt="" src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/mht9C(1).tmp" 
width=15></A></DIV>Dump of RSA PrivateKeyInfo using 
dumpasn1</DIV></DIV></DIV>Dumping an ASN.1 encoded private key is similar to 
dumping the public key. The format is a <I>PrivateKeyInfo</I> (rather than 
<I>PublicKeyInfo</I>). Its structure is as follows and includes a version and 
optional attributes. <PRE>PrivateKeyInfo&nbsp;::= SEQUENCE {
  version Version,
  privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
  privateKey PrivateKey,
  attributes [0] IMPLICIT Attributes OPTIONAL
}</PRE>
<P>Things don't get interesting until we look at the <I>PrivateKey</I> 
encapsulated byt the <I>PrivateKeyInfo</I>. As with the <I>PublicKey</I>, since 
the <I>PrivateKey</I> has a RSA OID in the <I>PrivateKeyInfo</I>, the type is 
<I>RSAPrivateKey</I>. </P>
<P>Below is the structure which includes the familiar suspects: <I>e</I>, 
<I>d</I>, <I>p</I>, and <I>q</I>. The exponents are used for precomputation so 
the holder of the key does not need to use the <I>e</I>, <I>d</I>, <I>n</I> and 
the Chinese Remainder Theorem to recalculate useful internal values. </P><PRE>RSAPrivateKey&nbsp;::= SEQUENCE {
  version Version,
  modulus INTEGER,
  publicExponent INTEGER,
  privateExponent INTEGER,
  prime1 INTEGER,
  prime2 INTEGER,
  exponent1 INTEGER,
  exponent2 INTEGER,
  coefficient INTEGER
}</PRE>
<H3><SPAN class=mw-headline id=DSA_PublicKey>DSA PublicKey </SPAN></H3>
<TABLE align=right>
  <TBODY>
  <TR>
    <TD>
      <DIV class=center>
      <DIV class="thumb tnone">
      <DIV class=thumbinner style="WIDTH: 182px"><A class=image 
      href="http://www.cryptopp.com/wiki/File:Dsa-public-key.png"><IMG 
      class=thumbimage height=147 alt="" 
      src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/mhtA5(1).tmp" 
      width=180></A> 
      <DIV class=thumbcaption>
      <DIV class=magnify><A class=internal title=Enlarge 
      href="http://www.cryptopp.com/wiki/File:Dsa-public-key.png"><IMG height=11 
      alt="" 
      src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/mht9C(1).tmp" 
      width=15></A></DIV>DSA public 
key</DIV></DIV></DIV></DIV></TD></TR></TBODY></TABLE>
<P>The steps to dump a DSA public key are identical to that of RSA. DSA's OID is 
1.2.840.10040.4.1. DSA will include DSS domain parameters in the optional 
parameters. </P><PRE>PublicKeyInfo&nbsp;::= SEQUENCE {
  algorithm AlgorithmIdentifier,
  PublicKey BIT STRING
}

AlgorithmIdentifier&nbsp;::= SEQUENCE {
  algorithm ALGORITHM.id,
  parameters Dss-Parms
}

Dss-Parms&nbsp;::= SEQUENCE {
  p INTEGER,
  q INTEGER,
  g INTEGER
}</PRE>
<P>The DSA public key is simply the public exponent <I>Y</I> encoded as a bit 
string: </P><PRE>DSAPublicKey&nbsp;::= BITSTRING {
  publicExponent INTEGER
}</PRE>
<H3><SPAN class=mw-headline id=DSA_PrivateKey>DSA PrivateKey </SPAN></H3>
<TABLE align=right>
  <TBODY>
  <TR>
    <TD>
      <DIV class=center>
      <DIV class="thumb tnone">
      <DIV class=thumbinner style="WIDTH: 182px"><A class=image 
      href="http://www.cryptopp.com/wiki/File:Dsa-private-key.png"><IMG 
      class=thumbimage height=147 alt="" 
      src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/mhtA8(1).tmp" 
      width=180></A> 
      <DIV class=thumbcaption>
      <DIV class=magnify><A class=internal title=Enlarge 
      href="http://www.cryptopp.com/wiki/File:Dsa-private-key.png"><IMG 
      height=11 alt="" 
      src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/mht9C(1).tmp" 
      width=15></A></DIV>DSA private 
key</DIV></DIV></DIV></DIV></TD></TR></TBODY></TABLE>
<P>A DSA private key also uses the 1.2.840.10040.4.1 OID. Where a public key 
used a bit string (to encode its public exponent), the private key uses an octet 
string to encode the private exponent <I>X</I>: </P><PRE>PrivateKeyInfo&nbsp;::= SEQUENCE {
  version Version,
  algorithm AlgorithmIdentifier,
  PrivateKey OCTETSTRING
}

AlgorithmIdentifier&nbsp;::= SEQUENCE {
  algorithm ALGORITHM.id,
  parameters Dss-Parms
}

Dss-Parms&nbsp;::= SEQUENCE {
  p INTEGER,
  q INTEGER,
  g INTEGER
}

DSAPrivateKey&nbsp;::= OCTETSTRING {
  privateExponent INTEGER
}</PRE>
<H2><SPAN class=mw-headline id=Raw_vs_Cooked>Raw vs Cooked </SPAN></H2>
<DIV class="thumb tright">
<DIV class=thumbinner style="WIDTH: 182px"><A class=image 
href="http://www.cryptopp.com/wiki/File:Rsa-raw-vs-cooked.png"><IMG 
class=thumbimage height=136 alt="" 
src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/mhtAB(1).tmp" 
width=180></A> 
<DIV class=thumbcaption>
<DIV class=magnify><A class=internal title=Enlarge 
href="http://www.cryptopp.com/wiki/File:Rsa-raw-vs-cooked.png"><IMG height=11 
alt="" src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/mht9C(1).tmp" 
width=15></A></DIV>A single RSA key in binary and base64 
encodings</DIV></DIV></DIV>A key that is written in binary format is sometimes 
referred to as <I>raw</I> or <I>uncooked</I> (this applies to data in general, 
and not keys in particular). Sometimes it is advantageous (or required) to add 
some additional processing - for example, hex encoding or base64 encoding. A raw 
key that has been subjected to additional processing is sometimes referred to as 
<I>cooked</I> or <I>baked</I>. 
<P>In the accompanying image, anyone who has spent time examining dumps will 
recognize the binary string <TT>0x30 0x82 ...</TT> probably indicates the file 
is raw ASN.1. Similarly, a person will recognize a file starting with the ASCII 
string <TT>MII...</TT> is probably a Base64 encoded ASN.1 file. </P>
<P>Below, Hexadecimal and Base64 encoding are shown. The decoding is left as an 
exercise to the reader. </P>
<H3><SPAN class=mw-headline id=Hex_Encoding_and_Decoding>Hex Encoding and 
Decoding </SPAN></H3>
<P>If we wanted to hex encode the key during a save, we would add the following 
signatures. </P><PRE>void SaveHexPrivateKey(const string&amp; filename, const PrivateKey&amp; key);
void SaveHexPublicKey(const string&amp; filename, const PublicKey&amp; key);

void SaveHex(const string&amp; filename, const BufferedTransformation&amp; bt);</PRE>
<P>Finally, the hex encoded implementations would be as follows. </P><PRE>void SaveHexPrivateKey(const string&amp; filename, const PrivateKey&amp; key)
{
    ByteQueue queue;
    key.Save(queue);

    SaveHex(filename, queue);
}

void SaveHexPublicKey(const string&amp; filename, const PublicKey&amp; key)
{
    ByteQueue queue;
    key.Save(queue);

    SaveHex(filename, queue);
}

void SaveHex(const string&amp; filename, const BufferedTransformation&amp; bt)
{
    HexEncoder encoder;

    bt.CopyTo(encoder);
    encoder.MessageEnd();

    Save(filename, encoder);
}</PRE>
<H3><SPAN class=mw-headline id=Base64_Encoding_and_Decoding>Base64 Encoding and 
Decoding </SPAN></H3>
<P>If we wanted to add Base64 processing to the key during a save, we would add 
the following signatures. </P><PRE>void SaveBase64PrivateKey(const string&amp; filename, const PrivateKey&amp; key);
void SaveBase64PublicKey(const string&amp; filename, const PublicKey&amp; key);

void SaveBase64(const string&amp; filename, const BufferedTransformation&amp; bt);</PRE>
<P>Finally, the base 64'd implementations would be as follows. </P><PRE>void SaveBase64PrivateKey(const string&amp; filename, const PrivateKey&amp; key)
{
    ByteQueue queue;
    key.Save(queue);

    SaveBase64(filename, queue);
}

void SaveBase64PublicKey(const string&amp; filename, const PublicKey&amp; key)
{
    ByteQueue queue;
    key.Save(queue);

    SaveBase64(filename, queue);
}

void SaveBase64(const string&amp; filename, const BufferedTransformation&amp; bt)
{
    Base64Encoder encoder;

    bt.CopyTo(encoder);
    encoder.MessageEnd();

    Save(filename, encoder);
}</PRE>
<H2><SPAN class=mw-headline id=OpenSSL_Commands>OpenSSL Commands </SPAN></H2>
<P>The following offers OpenSSL commands for those who need to inter-operate 
with the OpenSSL library. </P>
<P>By default, Crypto++ uses DER encoding, while OpenSSL uses Privacy Enhanced 
Mail (PEM) encoding. PEM encoding is a Base64 encoding with a header and footer. 
One usually moves between DER and PEM encodings with the <TT>-inform</TT> and 
<TT>-outform</TT> switches. </P><PRE>$ openssl genrsa -out rsa-openssl.pem 256
Generating RSA private key, 256 bit long modulus
...
$ cat rsa-openssl.pem 
-----BEGIN RSA PRIVATE KEY-----
MIGrAgEAAiEA1+FPfSd+EaXYYU0LlPZ0K+k3uWFUb+s/8NxV9PEl1psCAwEAAQIg
RjBfY9W/S4WcgKZIKbqnsjYuQO5nEAGAjx/XY9za48ECEQD2EpdAXBwXDBC9NQGD
yUAJAhEA4JblIvDA6WOWr4KO79oCgwIQUfoFi3pkHUV2uiHTfFzqSQIRAJOcWamn
VwOOgwGD6/JU9YUCEQDUVTl+0TNEiA3SbsvbRya7
-----END RSA PRIVATE KEY-----
</PRE>
<P><TT><A class="external text" 
href="http://www.openssl.org/docs/apps/genpkey.html">genpkey(1)</A></TT> was not 
used because it was not available in the distribution's version of OpenSSL. </P><PRE>$ openssl version
OpenSSL 0.9.8k 25 Mar 2009
$ openssl genpkey
openssl:Error: 'genpkey' is an invalid command.
...

$ whereis genpkey
$ genpkey:</PRE>
<H3><SPAN class=mw-headline id=RSA_Public_Key_.28SubjectPublicKeyInfo.29>RSA 
Public Key (<I>SubjectPublicKeyInfo</I>) </SPAN></H3>
<P>The following commands create a RSA public key in PKCS #1/X.509 format which 
Crypto++ can consume. Recall the format is <I>SubjectPublicKeyInfo</I> with an 
OID (1.2.840.113549.1.1.1), and the <I>RSAPublicKey</I> (the inner key 
material). </P><PRE>$ openssl genrsa -out rsa-openssl.pem 3072
$ openssl rsa -in rsa-openssl.pem -pubout -outform DER -out rsa-openssl.der</PRE>
<H3><SPAN class=mw-headline id=RSA_Private_Key_.28PrivateKeyInfo.29>RSA Private 
Key (<I>PrivateKeyInfo</I>) </SPAN></H3>
<P>The following commands create an unencrypted RSA private key in PKCS #8 
format which Crypto++ can consume. Recall the format is <I>PrivateKeyInfo</I> 
with an OID (1.2.840.113549.1.1.1), version, and the <I>RSAPrivateKey</I> (the 
inner key material). </P><PRE>$ openssl genrsa -out rsa-openssl.pem 3072
$ openssl pkcs8 -nocrypt -in rsa-openssl.pem -inform PEM -topk8 -outform DER -out rsa-openssl.der</PRE>
<H3><SPAN class=mw-headline id=DSA_Public_Key_.28SubjectPublicKeyInfo.29>DSA 
Public Key (<I>SubjectPublicKeyInfo</I>) </SPAN></H3>
<P>The following commands create a DSA public key in PKCS #1/X.509 format which 
Crypto++ can consume. Recall the format is <I>SubjectPublicKeyInfo</I> with an 
OID (1.2.840.10040.4.1), DSS parameters, and the <I>DSAPublicKey</I> (the inner 
key material). </P><PRE>$ openssl dsaparam -out dsa-param-openssl.pem 1024
$ openssl gendsa -out dsa-openssl.pem dsa-param-openssl.pem
$ openssl dsa -in dsa-openssl.pem -pubout -outform DER -out dsa-openssl.der</PRE>
<H3><SPAN class=mw-headline id=DSA_Private_Key_.28PrivateKeyInfo.29>DSA Private 
Key (<I>PrivateKeyInfo</I>) </SPAN></H3>
<P>The following commands create an unencrypted DSA private key in PKCS #8 
format which Crypto++ can consume. Recall the format is <I>PrivateKeyInfo</I> 
with an OID (1.2.840.10040.4.1), version, DSS parameters, and the 
<I>DSAPrivateKey</I> (the inner key material). </P><PRE>$ openssl dsaparam -out dsa-param-openssl.pem 1024
$ openssl gendsa -out dsa-openssl.pem dsa-param-openssl.pem
$ openssl pkcs8 -nocrypt -in dsa-openssl.pem -inform PEM -topk8 -outform DER -out dsa-openssl.der</PRE>
<H3><SPAN class=mw-headline id=ECC_Public_Key_.28SubjectPublicKeyInfo.29>ECC 
Public Key (<I>SubjectPublicKeyInfo</I>) </SPAN></H3>
<P>The following commands create a ECC public key in PKCS #1/X.509 format which 
Crypto++ can consume. The curve is SEC's prime 256. </P><PRE>$ openssl ecparam -param_enc explicit -name secp256k1 -genkey -outform PEM -out ec-openssl.pem
$ openssl ec -param_enc explicit -inform PEM -in ec-openssl.pem -pubout -outform DER -out ec-openssl.der</PRE>
<H3><SPAN class=mw-headline id=ECC_Private_Key_.28PrivateKeyInfo.29>ECC Private 
Key (<I>PrivateKeyInfo</I>) </SPAN></H3>
<P>The following command creates an unencrypted ECC private key in PKCS #8 
format which Crypto++ can consume. The curve is SEC's prime 256. </P><PRE>$ openssl ecparam -name secp256k1 -genkey -param_enc explicit -outform DER -out ec-openssl.der</PRE>
<H2><SPAN class=mw-headline id=GnuTLS_Commands>GnuTLS Commands </SPAN></H2>
<P>The following GnuTLS commands should help those who use Gnu's secure 
transport library, <A class="external text" 
href="http://www.gnu.org/software/gnutls/">GnuTLS</A>. </P><PRE>$ gnutls-cli --version
gnutls-cli (GnuTLS) 2.8.5
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later &lt;http://gnu.org/licenses/gpl.html&gt;.
...
Written by Nikos Mavrogiannopoulos.</PRE>
<H3><SPAN class=mw-headline id=RSA_Public_Key_.28SubjectPublicKeyInfo.29_2>RSA 
Public Key (<I>SubjectPublicKeyInfo</I>) </SPAN></H3>
<P>According to Nikos Mavrogiannopoulos, GnuTLS 2.11 and above can use 
<TT>certtool</TT>'s <TT>--certificate-pubkey</TT> switch. See <I><A 
class="external text" 
href="http://lists.gnu.org/archive/html/help-gnutls/2010-11/msg00009.html">How 
to Create/Derive DER Encoded Public Keys (PKCS #1/X.509 
SubjectPublicKeyInfo)?</A></I>. </P>
<H3><SPAN class=mw-headline id=RSA_Private_Key_.28PrivateKeyInfo.29_2>RSA 
Private Key (<I>PrivateKeyInfo</I>) </SPAN></H3><PRE>$ certtool --generate-privkey --pkcs8 --outder --bits 3072 --outfile rsa-gnutls.der</PRE>
<H3><SPAN class=mw-headline id=DSA_Public_Key_.28SubjectPublicKeyInfo.29_2>DSA 
Public Key (<I>SubjectPublicKeyInfo</I>) </SPAN></H3>
<P>According to Nikos Mavrogiannopoulos, GnuTLS 2.11 and above can use 
<TT>certtool</TT>'s <TT>--certificate-pubkey</TT> switch. See <I><A 
class="external text" 
href="http://lists.gnu.org/archive/html/help-gnutls/2010-11/msg00009.html">How 
to Create/Derive DER Encoded Public Keys (PKCS #1/X.509 
SubjectPublicKeyInfo)?</A></I>. </P>
<H3><SPAN class=mw-headline id=DSA_Private_Key_.28PrivateKeyInfo.29_2>DSA 
Private Key (<I>PrivateKeyInfo</I>) </SPAN></H3><PRE>$ certtool --dsa --generate-privkey --pkcs8 --outder --bits 1024 --outfile dsa-gnutls.der</PRE>
<H2><SPAN class=mw-headline id=Downloads>Downloads </SPAN></H2>
<P><A class=internal title=Cryptopp-key-gen.zip 
href="http://www.cryptopp.com/w/images/4/4f/Cryptopp-key-gen.zip">cryptopp-key-gen.zip</A> 
- Generates, saves, loads, and validates keys for RSA and DSA in PKCS #8 and 
X.509 format. </P>
<P><A class=internal title=Cryptopp-key-encode.zip 
href="http://www.cryptopp.com/w/images/f/f7/Cryptopp-key-encode.zip">cryptopp-key-encode.zip</A> 
- Generates, encodes, and decodes RSA keys using DER encoding and BER decoding. 
</P><!-- 
NewPP limit report
Preprocessor node count: 498/1000000
Post-expand include size: 0/2097152 bytes
Template argument size: 0/2097152 bytes
Expensive parser function count: 0/100
--><!-- Saved in parser cache with key crypto-wikicryptopp_:pcache:idhash:1865-0!1!0!!en!2!edit=0 and timestamp 20110217174325 -->
<DIV class=printfooter>Retrieved from "<A 
href="mhtml:file://E:\sve-air\documentacion\Keys and Formats - Crypto++ Wiki.mht!http://www.cryptopp.com/wiki/Keys_and_Formats">http://www.cryptopp.com/wiki/Keys_and_Formats</A>"</DIV>
<DIV class=catlinks id=catlinks>
<DIV id=mw-normal-catlinks><A title=Special:Categories 
href="http://www.cryptopp.com/wiki/Special:Categories">Categories</A>: <SPAN 
dir=ltr><A title=Category:Sample 
href="http://www.cryptopp.com/wiki/Category:Sample">Sample</A></SPAN> | <SPAN 
dir=ltr><A title=Category:Download 
href="http://www.cryptopp.com/wiki/Category:Download">Download</A></SPAN></DIV></DIV><!-- end content -->
<DIV class=visualClear></DIV></DIV></DIV></DIV>
<DIV id=column-one>
<DIV class=portlet id=p-cactions>
<H5>Views</H5>
<DIV class=pBody>
<UL>
  <LI class=selected id=ca-nstab-main><A title="View the content page [c]" 
  accessKey=c 
  href="mhtml:file://E:\sve-air\documentacion\Keys and Formats - Crypto++ Wiki.mht!http://www.cryptopp.com/wiki/Keys_and_Formats">Page</A> 

  <LI class=new id=ca-talk><A title="Discussion about the content page [t]" 
  accessKey=t 
  href="http://www.cryptopp.com/w/index.php?title=Talk:Keys_and_Formats&amp;action=edit&amp;redlink=1">Discussion</A> 

  <LI id=ca-viewsource><A 
  title="This page is protected.&#10;You can view its source [e]" accessKey=e 
  href="http://www.cryptopp.com/w/index.php?title=Keys_and_Formats&amp;action=edit">View 
  source</A> 
  <LI id=ca-history><A title="Past revisions of this page [h]" accessKey=h 
  href="http://www.cryptopp.com/w/index.php?title=Keys_and_Formats&amp;action=history">History</A> 
  </LI></UL></DIV></DIV>
<DIV class=portlet id=p-personal>
<H5>Personal tools</H5>
<DIV class=pBody>
<UL>
  <LI id=pt-login><A 
  title="You are encouraged to log in; however, it is not mandatory [o]" 
  accessKey=o 
  href="http://www.cryptopp.com/w/index.php?title=Special:UserLogin&amp;returnto=Keys_and_Formats">Log 
  in / create account</A> </LI></UL></DIV></DIV>
<DIV class=portlet id=p-logo><A title="Visit the main page" 
style="BACKGROUND-IMAGE: url(http://www.cryptopp.com/w/images/0/0b/Logo-Steel.png)" 
href="http://www.cryptopp.com/wiki/Main_Page"></A></DIV>
<SCRIPT type=text/javascript> if (window.isMSIE55) fixalpha(); </SCRIPT>

<DIV class="generated-sidebar portlet" id=p-navigation>
<H5>Navigation</H5>
<DIV class=pBody>
<UL>
  <LI id=n-mainpage-description><A title="Visit the main page [z]" accessKey=z 
  href="http://www.cryptopp.com/wiki/Main_Page">Main page</A> 
  <LI id=n-portal><A 
  title="About the project, what you can do, where to find things" 
  href="http://www.cryptopp.com/wiki/Crypto++_Wiki:Community_portal">Community 
  portal</A> 
  <LI id=n-currentevents><A 
  title="Find background information on current events" 
  href="http://www.cryptopp.com/wiki/Crypto++_Wiki:Current_events">Current 
  events</A> 
  <LI id=n-recentchanges><A title="The list of recent changes in the wiki [r]" 
  accessKey=r href="http://www.cryptopp.com/wiki/Special:RecentChanges">Recent 
  changes</A> 
  <LI id=n-randompage><A title="Load a random page [x]" accessKey=x 
  href="http://www.cryptopp.com/wiki/Special:Random">Random page</A> 
  <LI id=n-help><A title="The place to find out" 
  href="http://www.cryptopp.com/wiki/Help:Contents">Help</A> 
</LI></UL></DIV></DIV>
<DIV class=portlet id=p-search>
<H5><LABEL for=searchInput>Search</LABEL></H5>
<DIV class=pBody id=searchBody>
<FORM id=searchform action=/w/index.php><INPUT type=hidden value=Special:Search 
name=title> <INPUT id=searchInput title="Search Crypto++ Wiki" accessKey=f 
type=search name=search> <INPUT class=searchButton id=searchGoButton title="Go to a page with this exact name if exists" type=submit value=Go name=go>&nbsp; 
<INPUT class=searchButton id=mw-searchButton title="Search the pages for this text" type=submit value=Search name=fulltext> 
</FORM></DIV></DIV>
<DIV class=portlet id=p-tb>
<H5>Toolbox</H5>
<DIV class=pBody>
<UL>
  <LI id=t-whatlinkshere><A title="List of all wiki pages that link here [j]" 
  accessKey=j 
  href="http://www.cryptopp.com/wiki/Special:WhatLinksHere/Keys_and_Formats">What 
  links here</A> 
  <LI id=t-recentchangeslinked><A 
  title="Recent changes in pages linked from this page [k]" accessKey=k 
  href="http://www.cryptopp.com/wiki/Special:RecentChangesLinked/Keys_and_Formats">Related 
  changes</A> 
  <LI id=t-specialpages><A title="List of all special pages [q]" accessKey=q 
  href="http://www.cryptopp.com/wiki/Special:SpecialPages">Special pages</A> 
  <LI id=t-print><A title="Printable version of this page [p]" accessKey=p 
  href="http://www.cryptopp.com/w/index.php?title=Keys_and_Formats&amp;printable=yes" 
  rel=alternate>Printable version</A> 
  <LI id=t-permalink><A title="Permanent link to this revision of the page" 
  href="http://www.cryptopp.com/w/index.php?title=Keys_and_Formats&amp;oldid=6666">Permanent 
  link</A> </LI></UL></DIV></DIV></DIV><!-- end of the left (by default at least) column -->
<DIV class=visualClear></DIV>
<DIV id=footer>
<DIV id=f-poweredbyico><A href="http://www.mediawiki.org/"><IMG height=31 
alt="Powered by MediaWiki" 
src="Keys%20and%20Formats%20-%20Crypto++%20Wiki_archivos/mhtAE(1).tmp" 
width=88></A></DIV>
<UL id=f-list>
  <LI id=lastmod>This page was last modified on 24 November 2010, at 20:28. 
  <LI id=viewcount>This page has been accessed 3,564 times. 
  <LI id=privacy><A title="Crypto++ Wiki:Privacy policy" 
  href="http://www.cryptopp.com/wiki/Crypto++_Wiki:Privacy_policy">Privacy 
  policy</A> 
  <LI id=about><A title="Crypto++ Wiki:About" 
  href="http://www.cryptopp.com/wiki/Crypto++_Wiki:About">About Crypto++ 
  Wiki</A> 
  <LI id=disclaimer><A title="Crypto++ Wiki:General disclaimer" 
  href="http://www.cryptopp.com/wiki/Crypto++_Wiki:General_disclaimer">Disclaimers</A> 
  </LI></UL></DIV></DIV>
<SCRIPT>if (window.runOnloadHook) runOnloadHook();</SCRIPT>
<!-- Served in 0.334 secs. --></BODY></HTML>
